Having worked many years in Microsoft Windows environments as a systems administrator, I faced again and again similar challenges – causing me to start approaching some of them in the IT-Admins Tool so I would make my life a bit easier.
One of them was an easy way to read users, groups and computers from Microsoft Active Directory systems for various reasons – including simple research and review as well as on how they are related. This was often due to planning and preparing migrations, simple cleanups and standardization or even whole IT audits.
Another one was even more challenging, how can I investigate an NTFS file-system permission structure and find out quickly where rights change in sub-folders or even on files as well as who does really have access to those files and folders – without spending hours on the research and data collection just to be able to see the big picture.
As it is best practice in most environments, right structures (ACLs / Access Control Lists) on NTFS file-systems are only done to certain levels and always with groups – well – let’s face it – we have all seen user-based permissions on file-systems, but as of my experience, this is never a good idea. Groups then often include other groups and may or may not have users in them. But how do you quickly research and see who actually has access to this file or folder and how can you see where the rights in a sub-folder or even on a file might have changed?
This eventually caused me to approach this with a software application, the IT-Admins Tool. So I started some years ago to develop a tool that allowed me to read users and groups from Microsoft Active Directory, including nested-group memberships from either perspective.
Further did I develop a NTFS file and folder system permissions (ACLs) reader and analyzer. The tool actually reads in the permissions and shows, depending on the folder depth of the scan, if there are break ups in sub-folders or files (by using colors on even the parent folder). It shows which groups have permissions on the selected folders as well as which nested-groups are members and how users fit in to this picture.
This results in to a tool that allows full NTFS analytics and investigation. Other features like long path name investigation have been added as well over the years, including a simple directory compare function or e.g. showing foreign domain members in groups (counters and colors) or exporting an investigated NTFS directory structure in to a plain line by line list so it could be further processed.
In order to be able to process those information further, most of this data is exportable. I had to be able to export simple user and group lists as well as which user is member of which group and which group has which groups and users as members. The same was needed for the NTFS permissions – so I created a structured output for this as well. This came in useful for IT audits or simple daily tasks like creating PowerShell commands in an more automated way, using it the exports as input source for scripts or using those file to compare them against other lists like employee lists etc.
Over the years, I showed this tool to many of my co-workers and other IT administrators I met and shared it with them, so they could use it as well. Some of them even suggested new functions or told me about glitches and bugs. Let me say THANK YOU to all of you!
Now, finally I decided to publish it on a web site to share it with an even larger group, hoping that it will help others as well.
You will find the free download of this tool on this website as well as a manual that helps you understand its features in order to work most efficient with it and of course a contact form if you have any suggestion, comments or just wanted to leave a review.